CVE-2026-27002 – OpenClaw's Docker sandbox configuration injecti... (How to Fix)

Q: What is the severity of CVE-2026-27002?

CVE-2026-27002 has a CVSS score of 9.8 (CRITICAL). OpenClaw's Docker sandbox configuration injection vulnerability allows attackers to escape container isolation and access the host system. This affects OpenClaw personal AI assistant deployments using Docker sandboxing prior to version 2026.2.15. Attackers could potentially access host data or execute code on the underlying host.

📋 TL;DR

OpenClaw's Docker sandbox configuration injection vulnerability allows attackers to escape container isolation and access the host system. This affects OpenClaw personal AI assistant deployments using Docker sandboxing prior to version 2026.2.15. Attackers could potentially access host data or execute code on the underlying host.

💻 Affected Systems

Products:

OpenClaw

Versions: All versions prior to 2026.2.15

Operating Systems: Linux (Docker host)

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when Docker sandbox is configured with dangerous options like host networking, unconfined profiles, or system directory bind mounts.

📦 What is this software?

Openclaw by Openclaw

View all CVEs affecting Openclaw →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full container escape leading to host system compromise, data exfiltration, and lateral movement within the environment.

🟠

Likely Case

Unauthorized access to host files and directories, potential privilege escalation, and data leakage.

🟢

If Mitigated

Limited to container-level access with no host system impact when proper sandbox restrictions are enforced.

🌐 Internet-Facing: MEDIUM - Requires access to OpenClaw interface and ability to modify sandbox configurations.

🏢 Internal Only: MEDIUM - Internal attackers with access to OpenClaw configuration could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to modify OpenClaw sandbox configuration settings. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2026.2.15

Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-w235-x559-36mg

Restart Required: Yes

Instructions:

1. Update OpenClaw to version 2026.2.15 or later. 2. Restart OpenClaw services. 3. Verify configuration schema validation is enabled.

🔧 Temporary Workarounds

Secure Docker Sandbox Configuration

linux

Manually restrict dangerous Docker options in OpenClaw configuration

# Edit OpenClaw configuration to ensure:
# agents.*.sandbox.docker.binds does NOT mount system directories or Docker socket
# agents.*.sandbox.docker.network = 'none' or 'bridge'
# Do not use 'unconfined' for seccomp or AppArmor profiles

🧯 If You Can't Patch

Review and audit all OpenClaw sandbox configurations for dangerous Docker options
Implement network segmentation to isolate OpenClaw containers from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check OpenClaw version and review configuration for dangerous Docker sandbox settings like network=host, unconfined profiles, or system directory bind mounts.

Check Version:

openclaw --version

Verify Fix Applied:

Verify OpenClaw version is 2026.2.15 or later and test that dangerous Docker options are rejected by configuration validation.

📡 Detection & Monitoring

Log Indicators:

Docker container creation with host networking
Attempts to mount system directories or Docker socket
Use of unconfined security profiles

Network Indicators:

Containers attempting to access host network services

SIEM Query:

docker.event=create AND (docker.network=host OR docker.security_profile=unconfined)

📊 Metadata

CVE ID: CVE-2026-27002

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-250

Published: February 20, 2026

Last Updated: February 20, 2026

🔗 References

https://github.com/openclaw/openclaw/commit/887b209db47f1f9322fead241a1c0b043fd38339 Patch
https://github.com/openclaw/openclaw/releases/tag/v2026.2.15 Product,Release Notes
https://github.com/openclaw/openclaw/security/advisories/GHSA-w235-x559-36mg Mitigation,Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-27002, you might also want to check these: